PT-2023-5911 · Google+4 · Google Chrome+4

Bahaa Naamneh

·

Published

2023-10-10

·

Updated

2024-11-29

·

CVE-2023-5477

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 118.0.5993.70
Description The issue is related to an inappropriate implementation in the Installer component of Google Chrome, which allowed a local attacker to bypass discretionary access control via a crafted command. This could potentially enable an attacker to circumvent existing security restrictions. The vulnerability is related to incorrectly implemented security checks for standard elements, and exploitation may allow a remote attacker to bypass security restrictions using a specially crafted HTML page.
Recommendations For Google Chrome versions prior to 118.0.5993.70, update to version 118.0.5993.70 or later to resolve the issue. As a temporary workaround, consider restricting access to the Installer component until a patch is available. Avoid using the Installer component with crafted commands until the issue is resolved.

Exploit

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

ALT-PU-2023-6445
ALT-PU-2023-7121
ALT-PU-2023-8219
ALT-PU-2023-8370
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-4260
ALT-PU-2024-4381
ALT-PU-2024-6148
BDU:2023-06607
CVE-2023-5477
DSA-5526-1
MGASA-2023-0289
OPENSUSE-SU-2023:0300-1
OPENSUSE-SU-2023:0337-1
OPENSUSE-SU-2023:0338-1
OPENSUSE-SU-2023_0337-1
OPENSUSE-SU-2023_0338-1
OPENSUSE-SU-2024:13317-1
OPENSUSE-SU-2024:13335-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Red Os
Suse